Iranian CERT Warns of Data-Wiping Malware

The threat only deletes files on certain days, experts say

Maher CERTCC discovers data-wiping malware

Iran’s Maher CERTCC has issued an alert to warn organizations about a new piece of malware that’s designed to wipe files from the computers it infects. The organization claims that antivirus solutions are not capable of detecting the threat.

Symantec experts have also analyzed the malicious element and they reveal that the malware is not really sophisticated. It simply wipes all the data from the drives labeled D through I.

The threat also deletes the files located on the Desktop of the user who is logged in at the time of the attack. Once the deletion process is complete, Chkdsk is run on the affected drives.

One noteworthy thing about this malware is that it only deletes files on certain dates. For instance, since it was discovered, it only worked on December 10, 11 and 12, 2012.

It appears it will work for three days in each of the following months: January 2013, May 2013, July 2013, November 2013, February 2014, May 2014, August 2014 and February 2015.

So far, researchers haven’t been able to find any connection between this new malware and Stuxnet, Gauss or Flame.